[Dshield] An unfixed highly critical vulnerability discovered in Microsoft Internet Explorer
peter.stendahl-juvonen at welho.com
Thu Apr 8 13:15:52 GMT 2004
An unfixed highly critical vulnerability discovered in Microsoft
Wanted to ensure everyone concerned (MS IE 5.01, 5.5 and 6 users) on
this list is aware of this unfixed critical vulnerability:
Microsoft Internet Explorer does not properly validate source of CHM
components referenced by ITS protocol handlers
Overview: Microsoft Internet Explorer (IE) does not adequately validate
the source of script contained in compiled help (CHM) file components
that are referenced by the Microsoft InfoTech Storage (ITS) protocol
handlers. An attacker could exploit this vulnerability to execute script
in different security domains. By causing script to be run in the Local
Machine Zone, the attacker could execute arbitrary code with the
privileges of the user running IE.
AU-2004.007 -- AusCERT Update - Vulnerability in Internet Explorer
Allows Program Execution
Internet Explorer showHelp() Restriction Bypass Vulnerability
Critical: Highly critical
Impact: Security Bypass
Where: From remote
Software: Microsoft Internet Explorer 5.01
Microsoft Internet Explorer 5.5
Microsoft Internet Explorer 6
When I visited Secunia's web page (at the above address), I received the
following virus alert (issued by NAV2004):
Source: C:\Documents and Settings\username\Local Settings\Temporary
Click for more information about this threat: Bloodhound.Exploit.6
Guess this is just Secunia's way of demonstrating the vulnerability's
existence on browsers concerned.
Since the virus was detected in the browser's cache, access to the infected
file was denied and repair failed. After closing the browser, a scan of
Temporary Internet Files, however, showed NO threats.
Bloodhound.Exploit.6 is a heuristic detection for exploits of a
Microsoft Internet Explorer vulnerability, which was discovered in
The vulnerability results from the incorrect handling of HTML files
embedded in CHM files. (CHM is the Microsoft-compiled HTML help format.)
This vulnerability is known to be used in the wild.
"When we thought that we had all the answers,
suddenly all the questions changed."
Mario Benedetti (1920); Uruguayan writer.
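
Added example, not part of the original post: one way a defender could scan saved HTML (for instance a cached page that a scanner flagged) for ITS protocol handler URLs and mark those that point at a remote location. The handler prefixes (ms-its:, ms-itss:, its:, mk:@MSITStore:), the function name and the sample markup are assumptions constructed for illustration; the post itself names only "ITS protocol handlers".

```python
import html
import re
from urllib.parse import unquote

# Assumption: handler prefixes as listed in public advisories for this issue.
# The lookbehind keeps ordinary words ending in "its:" from matching.
ITS_URL = re.compile(
    r"(?<![A-Za-z0-9-])(?:ms-itss?|its|mk:@msitstore):[^\s\"'<>]+",
    re.IGNORECASE,
)
# A reference is treated as remote if it names a network scheme or a UNC path.
REMOTE = re.compile(r"(?:https?|ftp)://|\\\\", re.IGNORECASE)


def find_its_references(markup):
    """Return [(url, is_remote), ...] for every ITS handler URL in markup."""
    # Decode HTML entities and percent-escapes first so encoded forms are seen.
    text = unquote(html.unescape(markup))
    return [(m.group(0), bool(REMOTE.search(m.group(0))))
            for m in ITS_URL.finditer(text)]


# Constructed sample markup (not taken from any real page).
SAMPLE = r'''
<a href="ms-its:C:\help\sample.chm::/topic.htm">local help</a>
<iframe src="MS-ITS:http://host.example/files/doc.chm::/page.htm"></iframe>
<object data="mk:@MSITStore:\\fileserver.example\share\doc.chm::/p.htm"></object>
<p>Each team benefits:greatly from reviews.</p>
<img src="its&#58;https%3A//host.example/x.chm::/y.htm">
'''

if __name__ == "__main__":
    for url, is_remote in find_its_references(SAMPLE):
        print("REMOTE" if is_remote else "local ", url)
```

References to a CHM on the local disk are normal for installed help; the remote ones are the ones worth reviewing.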